NRD EA view on cyber security is a way to ensure business continuity. It has to protect our clients from:

• Financial loss;• Harm to organisation‘s image/reputation;• Leakage of information which can be lost only once.

Therefore, the main role in cyber security governance is allocated to organisation‘s top management, especially when seeking to:

• Protect organisation‘s reputation;• Rationally evaluate the costs of IT security, strategy, policies and vital services;• Effectively manage organisation‘s operations and protect the most important resources.

NRD EA assists management to evaluate the key goals of the organisation, security maturity level and identify possible threats in order to consult and design the most appropriate information security management model for the organisation. Furthermore, we assist in implementation process where we bring a modern knowledge and skill set which ensures successful and effective performance of technology and future expandability.

During the whole process we refer to internationally recognised methodologies (Cobit, Critical Security Controls) and standards (ISO 27000) as well as our own experience and good practices (NIST, CPNI; NATO CDCOE; ISACA, SANS institute).

Design, implementation, monitoring and development of information security management model:

• Identification of information resources and security level necessary to protect them;• Simulation and evaluation of possible threats;• Design of defence policy plan and procedures;• Selection, installation and maintenance of the most appropriate technologies;• Critical security control's effectiveness monitoring, maintenance and development;• Designing model of partnership with national cyber security and law enforcement institutions.

Creation and implementation of capacity building programmes ensuring information security, confidentiality, availability and integrity, and designed for these groups:

• Top managers and people, responsible for strategic decisions; especially in case of critical situations;• People that manage security incidents and cooperate with law enforcement institutions;• People that have to communicate with inside and outside about security incidents;• Associated third parties.